US20060047681A1 - Methods and apparatus to reduce a control flow graph using points-to information - Google Patents
Methods and apparatus to reduce a control flow graph using points-to information Download PDFInfo
- Publication number
- US20060047681A1 US20060047681A1 US10/927,672 US92767204A US2006047681A1 US 20060047681 A1 US20060047681 A1 US 20060047681A1 US 92767204 A US92767204 A US 92767204A US 2006047681 A1 US2006047681 A1 US 2006047681A1
- Authority
- US
- United States
- Prior art keywords
- points
- instruction
- call
- control flow
- site
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/41—Compilation
- G06F8/43—Checking; Contextual analysis
- G06F8/433—Dependency analysis; Data or control flow analysis
Definitions
- the present disclosure pertains to compilers and, more particularly, to methods and apparatus to reduce a control flow graph.
- Modern day compilers create data structures such as, for example, a control flow graph to represent the program instructions to be compiled and/or optimized by the compiler.
- the control flow graph includes nodes and directed edges.
- Each node represents a basic block (e.g., a straight-line (i.e., sequential) segment of program instructions without any jumps or jump targets in the middle of the segment).
- the directed edges of the control flow graph represent jumps and/or transitions from a first basic block to a second basic block in the program instructions. Jumps may be a function call, a conditional statement, etc.
- Typical compilers will create a control flow graph using a conservative approach in the presence of instructions used to bypass standard function call and return procedures (e.g., return instructions) such as a setjmp and/or a longjmp instruction in the C programming language.
- the setjmp and longjmp instructions are used in pairs to enable repeat execution of code with the same program state. More specifically, the setjmp instruction is used to save a runtime environment (e.g., values of variables, object values, stack pointer value, and register values) in a setjmp buffer.
- the longjmp instruction is used to restore the runtime environment saved in the setjmp buffer by the corresponding setjmp instruction and to return control to the instruction immediately following the setjmp instruction such that the instruction following the setjmp instruction executes in the restored runtime environment.
- the argument of a longjmp instruction is a pointer which references a setjmp buffer that stores the runtime environment the longjmp instruction is to restore.
- the conservative approach used by typical compilers generally assumes that any function call reachable from a setjmp instruction may return control to the program instruction following the setjmp instruction. In other words, the conservative approach assumes: (1) that every function that may be executed after a setjmp instruction has been executed may contain a longjmp instruction, and (2) the function may return control to the basic block following the setjmp instruction (e.g., a successor block).
- This conservative approach results in extraneous directed edges in the control flow graph. The extraneous directed edges may have an effect on the amount of optimization a compiler may perform.
- FIG. 1 is a listing of an example program containing setjmp and longjmp instructions.
- FIG. 2 is an example control flow graph that may be created by a known compiler to represent the function main( ) of FIG. 1 .
- FIG. 3 is a block diagram of an example embodiment of the invention for creating a reduced control flow graph.
- FIG. 4 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the example system of FIG. 3 .
- FIG. 5 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the summary phase analysis block of FIG. 4 .
- FIG. 6 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the propagation phase analysis block of FIG. 4 .
- FIG. 7 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the application phase analysis block of FIG. 4 .
- FIG. 8 is an example control flow graph that may be generated by the example apparatus of FIG. 3 and/or the machine accessible instructions of FIGS. 4-7 .
- FIG. 9 is a block diagram of an example computer system which may execute the machine accessible instructions represented by the flowcharts of FIGS. 4, 5 , 6 , and/or 7 to implement the apparatus of FIG. 3 .
- FIG. 1 represents an example program 100 containing setjmp and longjmp instructions.
- the function main( ) includes two setjmp instructions 102 , 104 .
- Execution of the first setjmp instruction 102 causes a first runtime environment to be stored in a first setjmp buffer envA 106 .
- Execution of the second setjmp instruction 102 causes a second runtime environment to be stored in a second setjmp buffer envB 108 .
- the setjmp buffers 106 , 108 are specified by function arguments in their corresponding setjmp instructions.
- the two setjmp buffers envA 106 , envB 108 store and/or save the runtime environment that is active when their corresponding setjmp instruction 102 , 104 is executed.
- the runtime environment present at that time is saved in the setjmp buffer envA 106 .
- the setjmp instruction 104 is executed, the runtime environment present at that time is saved in the setjmp buffer envB 108 .
- the setjmp buffers envA, envB may contain the values of the stack pointer, variables, and/or the registers as of the time their corresponding setjmp instructions 102 , 104 are executed.
- the function main( ) also has two call-sites, namely, a call-site 110 to execute foo( ) and a call-site 112 to execute bar( ).
- the call-site 110 invokes foo( ) with the setjmp buffer envA 106 as an argument and, therefore, a longjmp instruction 114 in foo( ) uses a pointer to the runtime environment stored in the setjmp buffer envA 106 as an argument.
- the longjmp instruction 114 may be executed to restore the runtime environment stored in the setjmp buffer envA 106 and to return program execution to a basic block 116 (e.g., the successor block associated with the setjmp instruction 102 that caused the runtime environment to be stored in the setjmp buffer envA).
- the call-site 112 invokes function bar( ) with the setjmp buffer envA 106 and the setjmp buffer envB 108 as arguments.
- a longjmp instruction 118 within the function bar( ) uses a pointer to the setjmp buffer envA 106 as its argument
- a longjmp instruction 120 within the function bar( ) uses a pointer to the setjmp buffer envB 108 as its argument.
- the longjmp instruction 118 may be executed to restore the runtime environment stored in the setjmp buffer envA 106 and to return program execution to the basic block 116 (e.g., a successor block associated with the setjmp instruction 102 ), and the longjmp instruction 120 may be executed to restore the runtime environment stored in the setjmp buffer envB 108 and to return program execution to a basic block 122 (e.g., a successor block associated with the setjmp instruction 104 ).
- the basic block 116 e.g., a successor block associated with the setjmp instruction 102
- the longjmp instruction 120 may be executed to restore the runtime environment stored in the setjmp buffer envB 108 and to return program execution to a basic block 122 (e.g., a successor block associated with the setjmp instruction 104 ).
- FIG. 2 is a control flow graph 200 that may be created by a known compiler to represent the function main( ) of FIG. 1 .
- Each node of the control flow graph 200 represents a basic block of main( ).
- the node 202 represents the call-site 110 to invoke foo( ).
- Each directed edge (e.g., each control flow edge) of the control flow graph 200 represents a possible instruction execution path and/or a jump instruction.
- An example directed edge is the directed edge 208 that indicates control may advance to a node 214 (e.g., the call-site 112 ) after foo( ) is executed.
- Methods to generate the control flow graph 200 of FIG. 2 are well known in the art and are not described herein.
- the control flow graph 200 includes the node 202 that has three directed edges (e.g., directed edges 204 , 206 , 208 ) used to represent the possible paths of execution after foo( ) is executed.
- the directed edge 204 indicates the node 202 may return control to node 210 where the node 210 represents the basic block 122 of FIG. 1 .
- the directed edge 206 indicates the node 202 may return control to a node 212 (e.g., the basic block 116 of FIG. 1 ) if the longjmp instruction 114 of FIG. 1 is executed.
- the directed edge 208 indicates control may advance from node 202 to the node 214 (e.g., the call-site 112 of FIG.
- the directed edge 204 is generated because the known compiler assumes any function call reachable from the setjmp instruction 104 of FIG. 1 may return control to the successor block associated with the setjmp instruction (e.g., the basic block 122 ).
- the directed edge 204 is generated by a known compiler because the known compiler assumes the call-site 110 may, in theory, return control to the successor block of the setjmp instruction 104 .
- the node 214 also has three directed edges (e.g., directed edges 216 , 218 , 220 ) that represent the different paths of execution after bar( ) executes.
- the directed edge 216 indicates control may advance from the node 214 to the node 210 (e.g., the basic block 122 of FIG. 1 ) if the longjmp instruction 118 of FIG. 1 is executed.
- the directed edge 218 indicates control may advance from the node 214 to the node 212 (e.g., the basic block 116 of FIG. 1 ) if the longjmp instruction 120 of FIG. 1 is executed.
- the directed edge 220 indicates the node 214 may return control to a node 222 if neither the longjmp instruction 118 nor the longjmp instruction 120 is executed and bar( ) returns using standard return procedures.
- FIG. 3 is a block diagram of an example apparatus 300 for reducing a control flow graph such as the example control flow graph 200 of FIG. 2 .
- the apparatus 300 may be implemented as several components of hardware each configured to perform one or more functions, may be implemented in software and/or firmware where one or more programs are used to perform the different functions, or may be a combination of hardware, firmware, and/or software.
- the apparatus 300 includes a points-to analysis module 302 , a summary phase module 304 , a propagation phase module 306 , a control flow graph module 308 , and an application phase module 310 which operate upon a set of program instructions 301 .
- the points-to analysis module 302 is configured to receive the set of program instructions 301 from a compiler and to perform a points-to analysis on the program instructions. Specifically, the example points-to analysis module 302 examines memory references in the set of program instructions 301 and identifies the objects and/or memory locations the pointers are referencing. For example, the points-to analysis module 302 may determine the setjmp buffer pointer env_bar 1 references the runtime environment stored in setjmp buffer envA. The points-to analysis module 302 is configured to store the results of the points-to analysis and to provide the results to the summary phase module 304 and/or the application phase module 310 .
- the summary phase module 304 may query the points-to analysis module 302 for the results of the points-to analysis and/or the points-to analysis module 302 may store the results in a memory location accessible to the summary phase module 304 , the propagation phase module 306 , and/or the application phase module 310 .
- the summary phase module 304 is configured to analyze: (1) each function in the set of program instructions 301 and (2) call-site(s) within each function that restore a runtime environment and bypass standard function calls and return procedures (e.g., each restore and return instruction such as a longjmp instruction).
- the summary phase module 304 examines each function within the set of program instructions 301 and uses the points-to analysis results generated by the points-to analysis module 302 to determine the runtime environment associated with each restore and return instruction (e.g., the runtime environment restored by each longjmp instruction).
- the summary phase module 304 may analyze the function bar( ) of FIG. 1 , and determine that the runtime environments restored by longjmp instructions 118 , 120 are the runtime environment stored in the setjmp buffer envA 106 and the runtime environment stored in the setjmp buffer envB 108 . The summary phase module 304 thus stores the contents of the setjmp buffers 106 , 108 in the points-to set for the function bar( ).
- bar.longjmp_pt_set ⁇ the setjmp buffer envA 106 and the setjmp buffer envB 108 ⁇ ).
- the resulting points-to sets may be passed to the propagation phase module 306 and/or the application phase module 310 .
- the points-to sets may be stored in a memory location accessible to the propagation phase module 306 and/or the application phase module 310 .
- the propagation phase module 306 of FIG. 3 is configured to analyze: (1) each function in the set of program instructions 301 and (2) each call-site within each function that is not a restore and return instruction (e.g., instructions that are not longjmp instructions). Each call-site that is not a restore and return instruction within a function in the set of program instructions 301 is analyzed.
- the propagation phase module 306 determines the runtime environment(s) that may be restored by these call-sites and modifies the points-to sets generated by the summary phase module 304 to include the runtime environment(s) that may be restored from the call-sites that are not restore and return instructions. For example, the propagation phase module 306 may analyze the function main( ) of FIG.
- the illustrated propagation phase module 306 updates the points-to set created by the summary phase module 304 for the function main( ) to include the setjmp buffers containing the runtime environments restored by the call-sites within the function.
- the control flow graph module 308 of FIG. 3 is configured to receive the set of program instructions 301 and to generate a control flow graph. Persons of ordinary skill in the art will readily appreciate that control flow graphs and methods and apparatus to generate control flow graphs are well known in the art. Any known method may be used by the control flow graph module 308 to generate the control flow graph. However, unlike prior art methods and apparatus, the control flow graph module 308 is configured to reduce and/or optimize the control flow graph based on instructions from the application phase module 310 . For example, the application phase module 310 may determine a directed edge is unnecessary and instruct the control flow graph module 308 to remove the directed edge from the control flow graph.
- the application phase module 310 of FIG. 3 is configured to analyze the control flow graph generated by the control flow graph module 308 and the results of the points-to analysis to determine if the control flow graph is to be reduced and/or optimized.
- the application phase module 310 analyzes (1) each function in the set of program instructions 301 and (2) each call-site within the function that may invoke a restore and return instruction (e.g., a longjmp instruction).
- the application phase module 310 determines if a directed edge (e.g., a control flow edge) exists between a call-site and the successor blocks associated with the restore and return instructions in the function.
- the application phase module 310 determines if the directed edge can be deleted and/or removed.
- the application phase module 310 is configured to send instructions to the control flow graph module 308 to delete and/or remove unnecessary directed edges from the control flow graph.
- FIG. 4 A flowchart representative of example machine accessible instructions for implementing the apparatus 300 of FIG. 3 is shown in FIG. 4 .
- the machine accessible instructions comprise a program for execution by a processor such as the processor 906 shown in the example computer 900 discussed below in connection with FIG. 9 .
- the program may be embodied in software stored on a tangible medium such as a CD-ROM, a floppy disk, a hard drive, a digital versatile disk (DVD), or a memory associated with the processor 906 , but persons of ordinary skill in the art will readily appreciate that the entire program and/or parts thereof could alternatively be executed by a device other than the processor 906 and/or embodied in firmware or dedicated hardware in a well known manner.
- any or all of the points-to analysis module 302 , the summary phase module 304 , the propagation phase module 306 , the control flow graph module 308 , and the application phase module 310 could be implemented by software, hardware, and/or firmware.
- the example program is described with reference to the flowchart illustrated in FIG. 4 , persons of ordinary skill in the art will readily appreciate that many other methods of implementing the example program 400 may alternatively be used. For example, the order of execution of the blocks may be changed, and/or some of the blocks described may be changed, eliminated, or combined.
- the example process 400 of FIG. 4 begins when a software program comprising a set of program instructions 301 is received.
- the points-to analysis module 302 analyzes the set of program instructions 301 to determine the objects and/or the locations in memory that are referenced by pointers and other similar software constructs in the set of program instructions 301 .
- the results of the points-to analysis are passed to the summary phase module 304 and used to generate a plurality of points-to sets identifying the runtime environment(s) associated with restore and return instruction(s) (e.g., longjmp instruction(s)) within the set of program instructions 301 .
- restore and return instruction(s) e.g., longjmp instruction(s)
- a propagation phase begins.
- the propagation phase module 306 analyzes each call-site in the functions contained in the set of program instructions 301 and identifies the runtime environment(s) that may be restored by the call-sites. The identified runtime environment(s) are added to the corresponding points-to sets.
- an application phase begins.
- a control flow graph is generated by the control flow graph module 308 .
- the generated control flow graph 308 is passed to the application phase module 310 .
- the application phase module 310 uses the results of the points-to analysis and the propagation phase to determine if the control flow graph may be reduced and/or optimized by the control flow graph module 308 .
- the example process 400 begins when a software program comprising of a set of program instructions 301 is received.
- the points-to analysis module 302 performs a points-to analysis on the set of program instructions 301 (block 402 ).
- the points-to analysis module 302 analyzes memory references in the set of program instructions 301 such as pointers and determines the objects and/or memory locations the pointers are referencing.
- the points-to analysis module 302 may determine the setjmp buffer pointer env_foo points to the runtime environment stored in the setjmp buffer envA 106 .
- the results of the points-to analysis are stored for later use and/or are passed to the summary phase module 304 , the propagation phase module 306 , and/or the application phase module 310 .
- the summary phase module 304 receives the results of the points-to analysis and the set of program instructions 301 and begins the summary phase analysis (block 404 ).
- the summary phase analysis creates a points-to set (*function..longjmp_pt_set, where ⁇ tilde over ( ) ⁇ *.function, is a variable representative of a function name) for each function in the program instructions 301 .
- An example summary phase analysis is shown in FIG. 5 .
- the example summary phase analysis 500 of FIG. 5 begins by analyzing a first function (e.g., function A) in the set of program instructions 301 (block 502 ).
- the points-to set for the function A is structured to store the runtime environment(s) associated with the function A.
- the summary phase module 304 populates that set with the runtime environment(s) associated with function A.
- the points-to set is populated by analyzing the function A to create a list of restore and return instructions (e.g., longjmp instructions) and the setjmp buffer pointer(s) env associated with each of the restore and return instructions (e.g., env is an argument of the longjmp function) (block 506 ).
- the summary phase module 304 then enters a loop defined by blocks 507 , 508 , 5 10 where it uses the results of the points-to analysis to add the runtime environments(s) associated with the restore and return instructions to the points-to set for the function A (i.e., to A function.longjmp_pt_set) (block 508 ).
- the points-to set for the function A includes the runtime environment(s) that may be restored by the restore and return instruction(s) (e.g., the longjmp instruction(s)) in function A.
- the summary phase module 304 then analyzes the list of restore and return instruction (e.g., longjmp instruction) calls to determine if there are remaining restore and return instruction (e.g., longjmp instruction) calls in the function A to be analyzed (block 510 ). If there are restore and return instruction calls within the list that have not been analyzed (block 510 ), control returns to block 507 . If there are no restore and return instruction calls to be analyzed (block 510 ), the summary phase module 304 then determines if there is a function remaining in the set of program instructions 301 to be analyzed (block 512 ).
- restore and return instruction e.g., longjmp instruction
- a points-to set (*.Function.longjmp_pt_set) has been created for each function in the program instructions 301 , control returns to block 406 of FIG. 4 .
- the propagation phase module 306 begins the propagation phase analysis (block 406 ).
- An example propagation phase analysis is shown in FIG. 6 .
- the propagation phase module 306 examines the first function (e.g., function A) in the func_list (block 606 ) and creates a list of call-sites within the first function A which exclude restore and return instruction (e.g., longjmp instruction) calls (e.g., a call-site_list) (block 608 ).
- the first call-site (e.g., call-site C) in the call-site_list is retrieved (block 610 ).
- a points-to set corresponding to the function invoked by the first call-site (e.g., C.function.longjmp_pt_set) is also retrieved from the results of the summary phase analysis (block 610 ).
- the propagation phase module 306 updates a working copy of the points-to set for the first function A (e.g., A.function.longjmp_pt_set) to include the points-to set for the function invoked by the first call-cite C (e.g., C.function.longjmp_pt_set).
- the propagation phase module 306 determines whether every call-site in the call-site_list has been processed (block 613 ). If not, control returns to block 610 where the next call-site is retrieved and processed as explained above (but another unmodified copy of the points-to set for the function is not retrieved or stored, since only one unmodified copy is needed). As a result, the points-to set associated with the first function A (e.g., A.function.longjmp_pt_set) is updated to include all the runtime environments associated with the call-sites within the function A.
- control advances to block 614 .
- the points-to set A.function.longjmp_pt_set as updated at block 612 is then compared to the copy of the unmodified points-to set list for the first function A stored at block 610 . Based on the comparison, the propagation phase module 306 determines if the contents of the points-to set A.function.longjmp_pt_set have been changed (block 614 ). If the contents of the points-to set A.function.longjmp_pt_set have changed, the value of the variable done is set to false (block 616 ) and control advances to block 620 . If the contents of the points-to set A.function.longjmp_pt_set have not changed, the value of the variable is not changed, and control advances to block 620 without traversing block 616 .
- the propagation phase module 306 determines whether there are any remaining functions to examine. If there is a remaining function to examine (block 620 ), control returns to block 606 . If there are no remaining functions to examine (block 620 ), the propagation phase module 306 examines the value of the variable done (block 622 ). If the value of the variable done is false (block 622 ), control returns to block 602 . In other words, if the points-to set of any function has changed, control returns to block 602 where the done variable is reset to true and the analysis is repeated for all of the functions. If none of the points-to sets have changed (block 622 ), control advances to block 408 of FIG. 4 .
- control flow graph module 308 reviews the set of program instructions 301 to generate a control flow graph that represents the set of program instructions 301 (block 408 ). Persons of ordinary skill in the art will readily appreciate that there are several known methods to generate a control flow graph and any of these methods may be used by the control flow graph module 308 .
- the control flow graph is then used by the application phase module 410 to perform an application phase analysis (block 410 ). An example process for performing an application phase analysis is shown in FIG. 7 .
- the application phase module 310 creates a list of functions present in the set of program instructions (e.g., a func_list) (block 702 ).
- the first function in the list e.g., function A
- the application phase module 310 then creates a list of call-sites within the function A (e.g., a call-site_list) that may call a function containing a longjmp instruction (block 706 ) and begins to examine the first such call-site (e.g., call-site C) in the call-site list (block 708 ).
- the application phase module 310 then examines the control flow graph generated in block 408 of FIG. 4 to determine if a directed edge exists from the first call-site C to one or more successor blocks (block 710 ). To this end, the application phase module 310 may analyze the directed edges leaving a node representing the call-site to determine if the destination of the directed edge is a successor block. If a directed edge does not exist between the call-site C and a successor block (block 710 ), control advances to block 718 .
- the intersection set e.g., iSet
- iSet ⁇ ?)
- the application phase module 310 determines if there are any remaining call-sites to analyze. If so, control returns to block 708 . If, on the other hand, there are no remaining call-sites to analyze (i.e., all of the call-sites in the call-site list have been analyzed)(block 718 ), control advances to block 720 .
- the application phase module 310 determines if there are any remaining functions to analyze. If so, control returns to block 704 . If, on the other hand, there are no remaining functions to analyze (i.e., all of the functions in the function list have been analyzed)(block 720 ), the process of FIG. 7 and, thus, the process of FIG. 4 has completed.
- the example process 400 will now be applied to the example program 100 of FIG. 1 .
- the summary phase module 302 determines the points-to sets associated with each of the functions in the example program 100 (e.g., main o, foo( ), and bar( )).
- the propagation phase module 306 analyzes the function main( ) and determines there are two call-sites within the function main( ) that have a non-empty points-to set (e.g., foo( ) and bar( )).
- the points-to set associated with the function main( ) is updated to include the non-empty points-to sets.
- the resulting points-to set is shown below.
- main . longjmp_pt ⁇ _set ⁇ ⁇ foo . longjmp_pt ⁇ _set ⁇ bar .
- the application phase module 310 determines the directed edge 204 of FIG. 2 is not needed because iSet 2 equals the empty set and instructs the control flow module 308 to delete the directed edge 204 of FIG. 2 .
- the application phase module 310 continues by examining the directed edges from bar( ) to the successor blocks (e.g., the basic blocks 116 , 122 ) and calculates the iSet for each successor block as shown below.
- iSet1 bar .
- FIG. 9 is a block diagram of an example computer system which may execute the machine accessible instructions represented by the flowcharts of FIGS. 4, 5 , 6 , and/or 7 to implement the apparatus 300 of FIG. 3 .
- the computer system 900 may be a personal computer (PC) or any other computing device.
- the computer system 900 includes a main processing unit 902 powered by a power supply 904 .
- the main processing unit 902 may include a processor 906 electrically coupled by a system interconnect 908 to a main memory device 910 , a flash memory device 912 , and one or more interface circuits 914 .
- the system interconnect 908 is an address/data bus.
- interconnects other than busses may be used to connect the processor 906 to the other devices 910 , 912 , and 914 .
- one or more dedicated lines and/or a crossbar may be used to connect the processor 906 to the other devices 910 , 912 , and 914 .
- the processor 906 may be any type of well known processor, such as a processor from the Intel Pentium® family of microprocessors, the Intel Itanium® family of microprocessors, the Intel Centrino® family of microprocessors, and/or the Intel XScale® family of microprocessors.
- the processor 906 may include any type of well known cache memory, such as static random access memory (SRAM).
- SRAM static random access memory
- the main memory device 910 may include dynamic random access memory (DRAM) and/or any other form of random access memory.
- the main memory device 910 may include double data rate random access memory (DDRAM).
- the main memory device 910 may also include non-volatile memory.
- the main memory device 910 stores a software program that is executed by the processor 906 in a well known manner.
- the flash memory device 912 may be any type of flash memory device.
- the flash memory device 912 may store firmware used to boot the computer system 900 .
- the interface circuit(s) 914 may be implemented using any type of well known interface standard, such as an Ethernet interface and/or a Universal Serial Bus (USB) interface.
- One or more input devices 916 may be connected to the interface circuits 914 for entering data and commands into the main processing unit 902 .
- an input device 916 may be a keyboard, mouse, touch screen, track pad, track ball, isopoint, and/or a voice recognition system.
- One or more displays, printers, speakers, and/or other output devices 918 may also be connected to the main processing unit 902 via one or more of the interface circuits 914 .
- the display 918 may be a cathode ray tube (CRT), a liquid crystal displays (LCD), or any other type of display.
- the display 918 may generate visual indications of data generated during operation of the main processing unit 902 .
- the visual indications may include prompts for human operator input, calculated values, detected data, etc.
- the computer system 900 may also include one or more storage devices 920 .
- the computer system 900 may include one or more hard drives, a compact disk (CD) drive, a digital versatile disk drive (DVD), and/or other computer media input/output (I/O) devices.
- CD compact disk
- DVD digital versatile disk drive
- I/O computer media input/output
- the computer system 900 may also exchange data with other devices 922 via a connection to a network 924 .
- the network connection may be any type of network connection, such as an Ethernet connection, digital subscriber line (DSL), telephone line, coaxial cable, etc.
- the network 924 may be any type of network, such as the Internet, a telephone network, a cable network, and/or a wireless network.
- the network devices 922 may be any type of network devices 922 .
- the network device 922 may be a client, a server, a hard drive, etc.
Abstract
Description
- The present disclosure pertains to compilers and, more particularly, to methods and apparatus to reduce a control flow graph.
- Modern day compilers create data structures such as, for example, a control flow graph to represent the program instructions to be compiled and/or optimized by the compiler. The control flow graph includes nodes and directed edges. Each node represents a basic block (e.g., a straight-line (i.e., sequential) segment of program instructions without any jumps or jump targets in the middle of the segment). The directed edges of the control flow graph represent jumps and/or transitions from a first basic block to a second basic block in the program instructions. Jumps may be a function call, a conditional statement, etc.
- Typical compilers will create a control flow graph using a conservative approach in the presence of instructions used to bypass standard function call and return procedures (e.g., return instructions) such as a setjmp and/or a longjmp instruction in the C programming language. The setjmp and longjmp instructions are used in pairs to enable repeat execution of code with the same program state. More specifically, the setjmp instruction is used to save a runtime environment (e.g., values of variables, object values, stack pointer value, and register values) in a setjmp buffer. The longjmp instruction is used to restore the runtime environment saved in the setjmp buffer by the corresponding setjmp instruction and to return control to the instruction immediately following the setjmp instruction such that the instruction following the setjmp instruction executes in the restored runtime environment. The argument of a longjmp instruction is a pointer which references a setjmp buffer that stores the runtime environment the longjmp instruction is to restore. (The setjmp/longjmp approach is, in some respects, more useful then using a traditional goto statement. For instance, a goto statement is limited to affecting a local jump whereas a longjmp instruction may be used for a non-local jump.)
- The conservative approach used by typical compilers generally assumes that any function call reachable from a setjmp instruction may return control to the program instruction following the setjmp instruction. In other words, the conservative approach assumes: (1) that every function that may be executed after a setjmp instruction has been executed may contain a longjmp instruction, and (2) the function may return control to the basic block following the setjmp instruction (e.g., a successor block). This conservative approach results in extraneous directed edges in the control flow graph. The extraneous directed edges may have an effect on the amount of optimization a compiler may perform.
-
FIG. 1 is a listing of an example program containing setjmp and longjmp instructions. -
FIG. 2 is an example control flow graph that may be created by a known compiler to represent the function main( ) ofFIG. 1 . -
FIG. 3 is a block diagram of an example embodiment of the invention for creating a reduced control flow graph. -
FIG. 4 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the example system ofFIG. 3 . -
FIG. 5 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the summary phase analysis block ofFIG. 4 . -
FIG. 6 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the propagation phase analysis block ofFIG. 4 . -
FIG. 7 is a flowchart representative of example machine accessible instructions which may be executed by a device to implement the application phase analysis block ofFIG. 4 . -
FIG. 8 is an example control flow graph that may be generated by the example apparatus ofFIG. 3 and/or the machine accessible instructions ofFIGS. 4-7 . -
FIG. 9 is a block diagram of an example computer system which may execute the machine accessible instructions represented by the flowcharts ofFIGS. 4, 5 , 6, and/or 7 to implement the apparatus ofFIG. 3 . - Although, for purposes of illustration, the following discussion frequently refers to longjmp instructions, persons of ordinary skill in the art will appreciate that any other type of instruction that restores a runtime environment and directs control to a predetermined code location (possibly by bypassing standard function calls and return procedures) may also be processed by the methods and apparatus disclosed herein. Therefore, the term {tilde over ( )}restore and return instruction” will be used in this patent to refer to a longjmp instruction or any other type of instruction that restores a runtime environment and returns control to a code location. Persons of ordinary skill in the art will further appreciate that any reference to a longjmp instruction in the following description and figures is made for purposes of illustrating a specific example of a restore and return instruction, not to exclude the possibility of using the disclosed methods and apparatus with other possible restore and return instructions.
-
FIG. 1 represents anexample program 100 containing setjmp and longjmp instructions. The function main( ) includes twosetjmp instructions first setjmp instruction 102 causes a first runtime environment to be stored in a firstsetjmp buffer envA 106. Execution of thesecond setjmp instruction 102 causes a second runtime environment to be stored in a secondsetjmp buffer envB 108. Thesetjmp buffers setjmp buffers envA 106,envB 108 store and/or save the runtime environment that is active when theircorresponding setjmp instruction setjmp instruction 102 is executed, the runtime environment present at that time is saved in thesetjmp buffer envA 106. Similarly, when thesetjmp instruction 104 is executed, the runtime environment present at that time is saved in thesetjmp buffer envB 108. The setjmp buffers envA, envB may contain the values of the stack pointer, variables, and/or the registers as of the time theircorresponding setjmp instructions - In the example of
FIG. 1 , the function main( ) also has two call-sites, namely, a call-site 110 to execute foo( ) and a call-site 112 to execute bar( ). The call-site 110 invokes foo( ) with thesetjmp buffer envA 106 as an argument and, therefore, alongjmp instruction 114 in foo( ) uses a pointer to the runtime environment stored in thesetjmp buffer envA 106 as an argument. (The argument of a longjmp instruction is referred to herein as a setjmp buffer pointer.) Thelongjmp instruction 114 may be executed to restore the runtime environment stored in thesetjmp buffer envA 106 and to return program execution to a basic block 116 (e.g., the successor block associated with thesetjmp instruction 102 that caused the runtime environment to be stored in the setjmp buffer envA). The call-site 112 invokes function bar( ) with thesetjmp buffer envA 106 and thesetjmp buffer envB 108 as arguments. A person of ordinary skill in the art will readily appreciate that alongjmp instruction 118 within the function bar( ) uses a pointer to thesetjmp buffer envA 106 as its argument, and alongjmp instruction 120 within the function bar( ) uses a pointer to thesetjmp buffer envB 108 as its argument. Thelongjmp instruction 118 may be executed to restore the runtime environment stored in thesetjmp buffer envA 106 and to return program execution to the basic block 116 (e.g., a successor block associated with the setjmp instruction 102), and thelongjmp instruction 120 may be executed to restore the runtime environment stored in thesetjmp buffer envB 108 and to return program execution to a basic block 122 (e.g., a successor block associated with the setjmp instruction 104). -
FIG. 2 is acontrol flow graph 200 that may be created by a known compiler to represent the function main( ) ofFIG. 1 . Each node of thecontrol flow graph 200 represents a basic block of main( ). For example, thenode 202 represents the call-site 110 to invoke foo( ). Each directed edge (e.g., each control flow edge) of thecontrol flow graph 200 represents a possible instruction execution path and/or a jump instruction. An example directed edge is the directededge 208 that indicates control may advance to a node 214 (e.g., the call-site 112) after foo( ) is executed. Methods to generate thecontrol flow graph 200 ofFIG. 2 are well known in the art and are not described herein. - The
control flow graph 200 includes thenode 202 that has three directed edges (e.g., directededges directed edge 204 indicates thenode 202 may return control tonode 210 where thenode 210 represents thebasic block 122 ofFIG. 1 . The directededge 206 indicates thenode 202 may return control to a node 212 (e.g., thebasic block 116 ofFIG. 1 ) if thelongjmp instruction 114 ofFIG. 1 is executed. The directededge 208 indicates control may advance fromnode 202 to the node 214 (e.g., the call-site 112 ofFIG. 1 ) if thelongjmp instruction 114 ofFIG. 1 is not executed and foo( ) returns using standard return procedures. A person of ordinary skill in the art will readily appreciate that in some examples only two of the directededges edge 204 is generated because the known compiler assumes any function call reachable from thesetjmp instruction 104 ofFIG. 1 may return control to the successor block associated with the setjmp instruction (e.g., the basic block 122). In other words, the directededge 204 is generated by a known compiler because the known compiler assumes the call-site 110 may, in theory, return control to the successor block of thesetjmp instruction 104. - The
node 214 also has three directed edges (e.g.,directed edges edge 216 indicates control may advance from thenode 214 to the node 210 (e.g., thebasic block 122 ofFIG. 1 ) if thelongjmp instruction 118 ofFIG. 1 is executed. The directededge 218 indicates control may advance from thenode 214 to the node 212 (e.g., thebasic block 116 ofFIG. 1 ) if thelongjmp instruction 120 ofFIG. 1 is executed. The directededge 220 indicates thenode 214 may return control to anode 222 if neither thelongjmp instruction 118 nor thelongjmp instruction 120 is executed and bar( ) returns using standard return procedures. -
FIG. 3 is a block diagram of anexample apparatus 300 for reducing a control flow graph such as the examplecontrol flow graph 200 ofFIG. 2 . Theapparatus 300 may be implemented as several components of hardware each configured to perform one or more functions, may be implemented in software and/or firmware where one or more programs are used to perform the different functions, or may be a combination of hardware, firmware, and/or software. In this example, theapparatus 300 includes a points-toanalysis module 302, asummary phase module 304, apropagation phase module 306, a controlflow graph module 308, and anapplication phase module 310 which operate upon a set ofprogram instructions 301. - The points-to
analysis module 302 is configured to receive the set ofprogram instructions 301 from a compiler and to perform a points-to analysis on the program instructions. Specifically, the example points-toanalysis module 302 examines memory references in the set ofprogram instructions 301 and identifies the objects and/or memory locations the pointers are referencing. For example, the points-toanalysis module 302 may determine the setjmp buffer pointer env_bar1 references the runtime environment stored in setjmp buffer envA. The points-toanalysis module 302 is configured to store the results of the points-to analysis and to provide the results to thesummary phase module 304 and/or theapplication phase module 310. Thesummary phase module 304 may query the points-toanalysis module 302 for the results of the points-to analysis and/or the points-toanalysis module 302 may store the results in a memory location accessible to thesummary phase module 304, thepropagation phase module 306, and/or theapplication phase module 310. - The
summary phase module 304 is configured to analyze: (1) each function in the set ofprogram instructions 301 and (2) call-site(s) within each function that restore a runtime environment and bypass standard function calls and return procedures (e.g., each restore and return instruction such as a longjmp instruction). Thesummary phase module 304 examines each function within the set ofprogram instructions 301 and uses the points-to analysis results generated by the points-toanalysis module 302 to determine the runtime environment associated with each restore and return instruction (e.g., the runtime environment restored by each longjmp instruction). Thesummary phase module 304 ofFIG. 3 generates a data structure (e.g., a points-to set) for each function in the set ofprogram instructions 301 and stores the runtime environment(s) associated with each restore and return instruction (e.g., each longjmp instruction) within the function in the corresponding points-to set. For example, thesummary phase module 304 may analyze the function bar( ) ofFIG. 1 , and determine that the runtime environments restored bylongjmp instructions setjmp buffer envA 106 and the runtime environment stored in thesetjmp buffer envB 108. Thesummary phase module 304 thus stores the contents of the setjmp buffers 106, 108 in the points-to set for the function bar( ). In other words, the points-to set “bar.longjmp_pt_set” for the function bar( ) is modified in accordance with the following equation: bar.longjmp_pt_set={thesetjmp buffer envA 106 and the setjmp buffer envB 108}). The resulting points-to sets may be passed to thepropagation phase module 306 and/or theapplication phase module 310. Alternatively, the points-to sets may be stored in a memory location accessible to thepropagation phase module 306 and/or theapplication phase module 310. - The
propagation phase module 306 ofFIG. 3 is configured to analyze: (1) each function in the set ofprogram instructions 301 and (2) each call-site within each function that is not a restore and return instruction (e.g., instructions that are not longjmp instructions). Each call-site that is not a restore and return instruction within a function in the set ofprogram instructions 301 is analyzed. Thepropagation phase module 306 determines the runtime environment(s) that may be restored by these call-sites and modifies the points-to sets generated by thesummary phase module 304 to include the runtime environment(s) that may be restored from the call-sites that are not restore and return instructions. For example, thepropagation phase module 306 may analyze the function main( ) ofFIG. 1 and determine the runtime environments that may be restored by the call-sites setjmp buffer envA 106 and the runtime environment stored in thesetjmp buffer envB 108. In such circumstances, the illustratedpropagation phase module 306 updates the points-to set created by thesummary phase module 304 for the function main( ) to include the setjmp buffers containing the runtime environments restored by the call-sites within the function. - The control
flow graph module 308 ofFIG. 3 is configured to receive the set ofprogram instructions 301 and to generate a control flow graph. Persons of ordinary skill in the art will readily appreciate that control flow graphs and methods and apparatus to generate control flow graphs are well known in the art. Any known method may be used by the controlflow graph module 308 to generate the control flow graph. However, unlike prior art methods and apparatus, the controlflow graph module 308 is configured to reduce and/or optimize the control flow graph based on instructions from theapplication phase module 310. For example, theapplication phase module 310 may determine a directed edge is unnecessary and instruct the controlflow graph module 308 to remove the directed edge from the control flow graph. - To this end, the
application phase module 310 ofFIG. 3 is configured to analyze the control flow graph generated by the controlflow graph module 308 and the results of the points-to analysis to determine if the control flow graph is to be reduced and/or optimized. Theapplication phase module 310 analyzes (1) each function in the set ofprogram instructions 301 and (2) each call-site within the function that may invoke a restore and return instruction (e.g., a longjmp instruction). Theapplication phase module 310 determines if a directed edge (e.g., a control flow edge) exists between a call-site and the successor blocks associated with the restore and return instructions in the function. As explained in detail below, if a directed edge exists between a call-site and a successor block, theapplication phase module 310 determines if the directed edge can be deleted and/or removed. Theapplication phase module 310 is configured to send instructions to the controlflow graph module 308 to delete and/or remove unnecessary directed edges from the control flow graph. - A flowchart representative of example machine accessible instructions for implementing the
apparatus 300 ofFIG. 3 is shown inFIG. 4 . In this example, the machine accessible instructions comprise a program for execution by a processor such as theprocessor 906 shown in theexample computer 900 discussed below in connection withFIG. 9 . The program may be embodied in software stored on a tangible medium such as a CD-ROM, a floppy disk, a hard drive, a digital versatile disk (DVD), or a memory associated with theprocessor 906, but persons of ordinary skill in the art will readily appreciate that the entire program and/or parts thereof could alternatively be executed by a device other than theprocessor 906 and/or embodied in firmware or dedicated hardware in a well known manner. For example, any or all of the points-toanalysis module 302, thesummary phase module 304, thepropagation phase module 306, the controlflow graph module 308, and theapplication phase module 310 could be implemented by software, hardware, and/or firmware. Further, although the example program is described with reference to the flowchart illustrated inFIG. 4 , persons of ordinary skill in the art will readily appreciate that many other methods of implementing theexample program 400 may alternatively be used. For example, the order of execution of the blocks may be changed, and/or some of the blocks described may be changed, eliminated, or combined. - The
example process 400 ofFIG. 4 begins when a software program comprising a set ofprogram instructions 301 is received. The points-toanalysis module 302 analyzes the set ofprogram instructions 301 to determine the objects and/or the locations in memory that are referenced by pointers and other similar software constructs in the set ofprogram instructions 301. The results of the points-to analysis are passed to thesummary phase module 304 and used to generate a plurality of points-to sets identifying the runtime environment(s) associated with restore and return instruction(s) (e.g., longjmp instruction(s)) within the set ofprogram instructions 301. After thesummary phase module 304 generates the points-to sets identifying the runtime environment(s) associated with the restore and return instruction(s), a propagation phase begins. During the propagation phase, thepropagation phase module 306 analyzes each call-site in the functions contained in the set ofprogram instructions 301 and identifies the runtime environment(s) that may be restored by the call-sites. The identified runtime environment(s) are added to the corresponding points-to sets. - After each call-site has been analyzed in each of the functions in the set of
program instructions 301, an application phase begins. During the application phase, a control flow graph is generated by the controlflow graph module 308. The generatedcontrol flow graph 308 is passed to theapplication phase module 310. Theapplication phase module 310 uses the results of the points-to analysis and the propagation phase to determine if the control flow graph may be reduced and/or optimized by the controlflow graph module 308. - Turning specifically to
FIG. 4 , theexample process 400 begins when a software program comprising of a set ofprogram instructions 301 is received. The points-toanalysis module 302 performs a points-to analysis on the set of program instructions 301 (block 402). In particular, the points-toanalysis module 302 analyzes memory references in the set ofprogram instructions 301 such as pointers and determines the objects and/or memory locations the pointers are referencing. For example, the points-toanalysis module 302 may determine the setjmp buffer pointer env_foo points to the runtime environment stored in thesetjmp buffer envA 106. The results of the points-to analysis are stored for later use and/or are passed to thesummary phase module 304, thepropagation phase module 306, and/or theapplication phase module 310. - The
summary phase module 304 receives the results of the points-to analysis and the set ofprogram instructions 301 and begins the summary phase analysis (block 404). The summary phase analysis creates a points-to set (*function..longjmp_pt_set, where {tilde over ( )}*.function, is a variable representative of a function name) for each function in theprogram instructions 301. An example summary phase analysis is shown inFIG. 5 . - The example
summary phase analysis 500 ofFIG. 5 begins by analyzing a first function (e.g., function A) in the set of program instructions 301 (block 502). Thesummary phase module 304 initializes a points-to set for the first function A (i.e., A.function.longjmp_pt_set (the various points-to sets are represented generically by *.function.longjmp_pt_set such that the points-to set of function A is represented by A.function.iongjmp_pt_set) to the empty set (e.g., A.function.longjmp_pt_set={}). The points-to set for the function A is structured to store the runtime environment(s) associated with the function A. - After the points-to set A.function.longjmp_pt_set is initialized (block 504), the
summary phase module 304 populates that set with the runtime environment(s) associated with function A. In the illustrated example, the points-to set is populated by analyzing the function A to create a list of restore and return instructions (e.g., longjmp instructions) and the setjmp buffer pointer(s) env associated with each of the restore and return instructions (e.g., env is an argument of the longjmp function) (block 506). Thesummary phase module 304 then enters a loop defined byblocks - The
summary phase module 304 then analyzes the list of restore and return instruction (e.g., longjmp instruction) calls to determine if there are remaining restore and return instruction (e.g., longjmp instruction) calls in the function A to be analyzed (block 510). If there are restore and return instruction calls within the list that have not been analyzed (block 510), control returns to block 507. If there are no restore and return instruction calls to be analyzed (block 510), thesummary phase module 304 then determines if there is a function remaining in the set ofprogram instructions 301 to be analyzed (block 512). If there is a function remaining to be analyzed (block 512), control returns to block 502 where the process is performed for the new function (e.g., for function B, a new points-to set B.function.longjmp_pt_set is initialized to an empty set (block 504), and the control proceeds through blocks 506-508 and 510 with respect to the new function B and the new points-to set B.function.longjmp_pt_set.). When all of the functions have been analyzed such that a points-to set (*.Function.longjmp_pt_set) has been created for each function in theprogram instructions 301, control returns to block 406 ofFIG. 4 . - After the summary phase analysis is completed (block 404), the
propagation phase module 306 begins the propagation phase analysis (block 406). An example propagation phase analysis is shown inFIG. 6 . - The example
propagation phase analysis 600 ofFIG. 6 begins by initializing a variable done to a predetermined state (e.g., done=true) (block 602) and creating a list of functions within the set of program instructions 301 (e.g., a func_list) (block 604). Thepropagation phase module 306 examines the first function (e.g., function A) in the func_list (block 606) and creates a list of call-sites within the first function A which exclude restore and return instruction (e.g., longjmp instruction) calls (e.g., a call-site_list) (block 608). The first call-site (e.g., call-site C) in the call-site_list is retrieved (block 610). A points-to set corresponding to the function invoked by the first call-site (e.g., C.function.longjmp_pt_set) is also retrieved from the results of the summary phase analysis (block 610). ({tilde over ( )}C.function” in {tilde over ( )}C.function.longjmp_pt_set” indicates the function invoked by the call-site C.) In addition, the contents of the points-to set associated with the first function A (e.g., A.function.longjmp_pt_set) are retrieved and a copy of the points-to set associated with the first function A is saved for later use as explained below (block 610). Thepropagation phase module 306 updates a working copy of the points-to set for the first function A (e.g., A.function.longjmp_pt_set) to include the points-to set for the function invoked by the first call-cite C (e.g., C.function.longjmp_pt_set). In other words, the working copy of the points-to set for the first function A is updated in accordance with the following equation: A.function.longjmp_pt_set=C.function.longjmp_pt_set ∪ A.function.longjmp_pt_set) (block 612). - The
propagation phase module 306 then determines whether every call-site in the call-site_list has been processed (block 613). If not, control returns to block 610 where the next call-site is retrieved and processed as explained above (but another unmodified copy of the points-to set for the function is not retrieved or stored, since only one unmodified copy is needed). As a result, the points-to set associated with the first function A (e.g., A.function.longjmp_pt_set) is updated to include all the runtime environments associated with the call-sites within the function A. - When all of the call-sites in the function have been processed (block 613), control advances to block 614. The points-to set A.function.longjmp_pt_set as updated at
block 612 is then compared to the copy of the unmodified points-to set list for the first function A stored atblock 610. Based on the comparison, thepropagation phase module 306 determines if the contents of the points-to set A.function.longjmp_pt_set have been changed (block 614). If the contents of the points-to set A.function.longjmp_pt_set have changed, the value of the variable done is set to false (block 616) and control advances to block 620. If the contents of the points-to set A.function.longjmp_pt_set have not changed, the value of the variable is not changed, and control advances to block 620 without traversingblock 616. - At
block 620, thepropagation phase module 306 determines whether there are any remaining functions to examine. If there is a remaining function to examine (block 620), control returns to block 606. If there are no remaining functions to examine (block 620), thepropagation phase module 306 examines the value of the variable done (block 622). If the value of the variable done is false (block 622), control returns to block 602. In other words, if the points-to set of any function has changed, control returns to block 602 where the done variable is reset to true and the analysis is repeated for all of the functions. If none of the points-to sets have changed (block 622), control advances to block 408 ofFIG. 4 . - After the propagation phase analysis is completed (block 406), the control
flow graph module 308 reviews the set ofprogram instructions 301 to generate a control flow graph that represents the set of program instructions 301 (block 408). Persons of ordinary skill in the art will readily appreciate that there are several known methods to generate a control flow graph and any of these methods may be used by the controlflow graph module 308. The control flow graph is then used by theapplication phase module 410 to perform an application phase analysis (block 410). An example process for performing an application phase analysis is shown inFIG. 7 . - When, the example
application phase analysis 700 ofFIG. 7 begins, theapplication phase module 310 creates a list of functions present in the set of program instructions (e.g., a func_list) (block 702). The first function in the list (e.g., function A) is then examined (block 704). Theapplication phase module 310 then creates a list of call-sites within the function A (e.g., a call-site_list) that may call a function containing a longjmp instruction (block 706) and begins to examine the first such call-site (e.g., call-site C) in the call-site list (block 708). - The
application phase module 310 then examines the control flow graph generated inblock 408 ofFIG. 4 to determine if a directed edge exists from the first call-site C to one or more successor blocks (block 710). To this end, theapplication phase module 310 may analyze the directed edges leaving a node representing the call-site to determine if the destination of the directed edge is a successor block. If a directed edge does not exist between the call-site C and a successor block (block 710), control advances to block 718. Otherwise, theapplication phase module 310 determines an intersection of the points-to set of the function invoked by the call-site (e.g., for call-site C, the points-to set is C.function.longjmp_pt_set) and the runtime environment env corresponding to the setjmp instruction preceding the successor block (e.g., iSet=C.function.longjmp_pt_set ∩ envA) (block 712). - The
application phase module 310 then determines if the intersection set (e.g., iSet) is an empty set (e.g., is iSet={}?) (block 714). If the iSet is not an empty set (block 714), theapplication phase module 310 determines the directed edge cannot be removed and control advances to block 718. If the iSet is an empty set (block 714), theapplication phase module 310 determines the directed edge is unnecessary, and theapplication phase module 310 sends an instruction to the controlflow graph module 308 to delete the directed edge from the call-site C to the successor block from the control flow graph (block 716). Control then advances to block 718. - At
block 718, theapplication phase module 310 determines if there are any remaining call-sites to analyze. If so, control returns to block 708. If, on the other hand, there are no remaining call-sites to analyze (i.e., all of the call-sites in the call-site list have been analyzed)(block 718), control advances to block 720. - At
block 720, theapplication phase module 310 determines if there are any remaining functions to analyze. If so, control returns to block 704. If, on the other hand, there are no remaining functions to analyze (i.e., all of the functions in the function list have been analyzed)(block 720), the process ofFIG. 7 and, thus, the process ofFIG. 4 has completed. - To further illustrate the
example process 400 ofFIG. 4 , theexample process 400 will now be applied to theexample program 100 ofFIG. 1 . During the summary phase of the example process 400 (e.g., block 404), thesummary phase module 302 determines the points-to sets associated with each of the functions in the example program 100 (e.g., main o, foo( ), and bar( )). The resulting points-to sets are main.longjmp_pt_set={} - During the propagation phase of the example process 400 (e.g., block 406), the
propagation phase module 306 analyzes the function main( ) and determines there are two call-sites within the function main( ) that have a non-empty points-to set (e.g., foo( ) and bar( )). The points-to set associated with the function main( ) is updated to include the non-empty points-to sets. The resulting points-to set is shown below. - During the application phase, the
application phase module 310 analyzes thecontrol flow graph 200 ofFIG. 2 and determines that both foo( ) and bar( ) may invoke a longjmp instruction. By analyzing thecontrol flow graph 200 theapplication phase module 310 determines there are two directed edges from foo( ) to successor blocks (e.g., thebasic blocks FIG. 1 ). As described above, theapplication phase module 310 calculates the iSet for each successor block as shown below.
Theapplication phase module 310 determines the directededge 204 ofFIG. 2 is not needed because iSet2 equals the empty set and instructs thecontrol flow module 308 to delete the directededge 204 ofFIG. 2 . - The
application phase module 310 continues by examining the directed edges from bar( ) to the successor blocks (e.g., thebasic blocks 116, 122) and calculates the iSet for each successor block as shown below.
Theapplication phase module 310 does not instruct the controlflow graph module 308 to delete any directed edges associated with bar( ) because neither iSet1 nor iSet2 are equal to the empty set. The resultingcontrol flow graph 800 is illustrated inFIG. 8 . -
FIG. 9 is a block diagram of an example computer system which may execute the machine accessible instructions represented by the flowcharts ofFIGS. 4, 5 , 6, and/or 7 to implement theapparatus 300 ofFIG. 3 . Thecomputer system 900 may be a personal computer (PC) or any other computing device. In the illustrated example, thecomputer system 900 includes amain processing unit 902 powered by apower supply 904. Themain processing unit 902 may include aprocessor 906 electrically coupled by asystem interconnect 908 to amain memory device 910, aflash memory device 912, and one ormore interface circuits 914. In an example, thesystem interconnect 908 is an address/data bus. Of course, a person of ordinary skill in the art will readily appreciate that interconnects other than busses may be used to connect theprocessor 906 to theother devices processor 906 to theother devices - The
processor 906 may be any type of well known processor, such as a processor from the Intel Pentium® family of microprocessors, the Intel Itanium® family of microprocessors, the Intel Centrino® family of microprocessors, and/or the Intel XScale® family of microprocessors. In addition, theprocessor 906 may include any type of well known cache memory, such as static random access memory (SRAM). Themain memory device 910 may include dynamic random access memory (DRAM) and/or any other form of random access memory. For example, themain memory device 910 may include double data rate random access memory (DDRAM). Themain memory device 910 may also include non-volatile memory. In an example, themain memory device 910 stores a software program that is executed by theprocessor 906 in a well known manner. Theflash memory device 912 may be any type of flash memory device. Theflash memory device 912 may store firmware used to boot thecomputer system 900. - The interface circuit(s) 914 may be implemented using any type of well known interface standard, such as an Ethernet interface and/or a Universal Serial Bus (USB) interface. One or
more input devices 916 may be connected to theinterface circuits 914 for entering data and commands into themain processing unit 902. For example, aninput device 916 may be a keyboard, mouse, touch screen, track pad, track ball, isopoint, and/or a voice recognition system. - One or more displays, printers, speakers, and/or
other output devices 918 may also be connected to themain processing unit 902 via one or more of theinterface circuits 914. Thedisplay 918 may be a cathode ray tube (CRT), a liquid crystal displays (LCD), or any other type of display. Thedisplay 918 may generate visual indications of data generated during operation of themain processing unit 902. The visual indications may include prompts for human operator input, calculated values, detected data, etc. - The
computer system 900 may also include one ormore storage devices 920. For example, thecomputer system 900 may include one or more hard drives, a compact disk (CD) drive, a digital versatile disk drive (DVD), and/or other computer media input/output (I/O) devices. - The
computer system 900 may also exchange data withother devices 922 via a connection to anetwork 924. The network connection may be any type of network connection, such as an Ethernet connection, digital subscriber line (DSL), telephone line, coaxial cable, etc. Thenetwork 924 may be any type of network, such as the Internet, a telephone network, a cable network, and/or a wireless network. Thenetwork devices 922 may be any type ofnetwork devices 922. For example, thenetwork device 922 may be a client, a server, a hard drive, etc. - In addition, persons of ordinary skill in the art will appreciate that, although certain methods, apparatus, and articles of manufacture have been described herein, the scope of coverage of this patent is not limited thereto. On the contrary, this patient covers all apparatus, methods and articles of manufacture fairly falling within the scope of the appended claims either literally or under the doctrine of equivalents.
Claims (28)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/927,672 US7634765B2 (en) | 2004-08-27 | 2004-08-27 | Methods and apparatus to reduce a control flow graph using points-to information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/927,672 US7634765B2 (en) | 2004-08-27 | 2004-08-27 | Methods and apparatus to reduce a control flow graph using points-to information |
Publications (2)
Publication Number | Publication Date |
---|---|
US20060047681A1 true US20060047681A1 (en) | 2006-03-02 |
US7634765B2 US7634765B2 (en) | 2009-12-15 |
Family
ID=35944647
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/927,672 Expired - Fee Related US7634765B2 (en) | 2004-08-27 | 2004-08-27 | Methods and apparatus to reduce a control flow graph using points-to information |
Country Status (1)
Country | Link |
---|---|
US (1) | US7634765B2 (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040230779A1 (en) * | 2003-05-15 | 2004-11-18 | Haghighat Mohammad R. | Methods and apparatus to perform return-address prediction |
US20110289303A1 (en) * | 2010-05-19 | 2011-11-24 | International Business Machines Corporation | Setjmp/longjmp for speculative execution frameworks |
US20120131559A1 (en) * | 2010-11-22 | 2012-05-24 | Microsoft Corporation | Automatic Program Partition For Targeted Replay |
US20160314058A1 (en) * | 2015-04-23 | 2016-10-27 | 3S-Smart Software Solutions GmbH | Method and system for measuring a runtime by means of watchpoints |
US20170109145A1 (en) * | 2015-10-15 | 2017-04-20 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US10255994B2 (en) | 2009-03-04 | 2019-04-09 | Masimo Corporation | Physiological parameter alarm delay |
US10613842B2 (en) * | 2018-04-30 | 2020-04-07 | International Business Machines Corporation | Simplifying a control flow graph based on profiling data |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020035722A1 (en) * | 1998-11-03 | 2002-03-21 | Mckinsey Christopher M. | Interactive instruction scheduling and block ordering |
US6381739B1 (en) * | 1996-05-15 | 2002-04-30 | Motorola Inc. | Method and apparatus for hierarchical restructuring of computer code |
US20020092005A1 (en) * | 2001-01-09 | 2002-07-11 | Scales Daniel J. | System and method for optimizing operations via dataflow analysis |
US20030233640A1 (en) * | 2002-04-29 | 2003-12-18 | Hewlett-Packard Development Company, L.P. | Structuring program code |
US20040243982A1 (en) * | 2000-04-19 | 2004-12-02 | Robison Arch D. | Data-flow method for optimizing exception-handling instructions in programs |
US20060190934A1 (en) * | 2005-02-18 | 2006-08-24 | International Business Machines Corporation | Method and apparatus for inlining native functions into compiled Java code |
US7100164B1 (en) * | 2000-01-06 | 2006-08-29 | Synopsys, Inc. | Method and apparatus for converting a concurrent control flow graph into a sequential control flow graph |
-
2004
- 2004-08-27 US US10/927,672 patent/US7634765B2/en not_active Expired - Fee Related
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6381739B1 (en) * | 1996-05-15 | 2002-04-30 | Motorola Inc. | Method and apparatus for hierarchical restructuring of computer code |
US20020035722A1 (en) * | 1998-11-03 | 2002-03-21 | Mckinsey Christopher M. | Interactive instruction scheduling and block ordering |
US7100164B1 (en) * | 2000-01-06 | 2006-08-29 | Synopsys, Inc. | Method and apparatus for converting a concurrent control flow graph into a sequential control flow graph |
US20040243982A1 (en) * | 2000-04-19 | 2004-12-02 | Robison Arch D. | Data-flow method for optimizing exception-handling instructions in programs |
US20020092005A1 (en) * | 2001-01-09 | 2002-07-11 | Scales Daniel J. | System and method for optimizing operations via dataflow analysis |
US20030233640A1 (en) * | 2002-04-29 | 2003-12-18 | Hewlett-Packard Development Company, L.P. | Structuring program code |
US20060190934A1 (en) * | 2005-02-18 | 2006-08-24 | International Business Machines Corporation | Method and apparatus for inlining native functions into compiled Java code |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7293265B2 (en) | 2003-05-15 | 2007-11-06 | Intel Corporation | Methods and apparatus to perform return-address prediction |
US20040230779A1 (en) * | 2003-05-15 | 2004-11-18 | Haghighat Mohammad R. | Methods and apparatus to perform return-address prediction |
US10255994B2 (en) | 2009-03-04 | 2019-04-09 | Masimo Corporation | Physiological parameter alarm delay |
US10366787B2 (en) | 2009-03-04 | 2019-07-30 | Masimo Corporation | Physiological alarm threshold determination |
US10325681B2 (en) | 2009-03-04 | 2019-06-18 | Masimo Corporation | Physiological alarm threshold determination |
US8640113B2 (en) * | 2010-05-19 | 2014-01-28 | International Business Machines Corporation | setjmp/longjmp for speculative execution frameworks |
US20110289303A1 (en) * | 2010-05-19 | 2011-11-24 | International Business Machines Corporation | Setjmp/longjmp for speculative execution frameworks |
US20120131559A1 (en) * | 2010-11-22 | 2012-05-24 | Microsoft Corporation | Automatic Program Partition For Targeted Replay |
US9946626B2 (en) * | 2015-04-23 | 2018-04-17 | Codesys Holding Gmbh | Method and system for measuring a runtime by means of watchpoints |
US20160314058A1 (en) * | 2015-04-23 | 2016-10-27 | 3S-Smart Software Solutions GmbH | Method and system for measuring a runtime by means of watchpoints |
US20170109145A1 (en) * | 2015-10-15 | 2017-04-20 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US20170109146A1 (en) * | 2015-10-15 | 2017-04-20 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US9916141B2 (en) * | 2015-10-15 | 2018-03-13 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US9921816B2 (en) * | 2015-10-15 | 2018-03-20 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US10224271B2 (en) * | 2015-10-15 | 2019-03-05 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US10325844B2 (en) | 2015-10-15 | 2019-06-18 | International Business Machines Corporation | Modifying execution flow in save-to-return code scenarios |
US10613842B2 (en) * | 2018-04-30 | 2020-04-07 | International Business Machines Corporation | Simplifying a control flow graph based on profiling data |
Also Published As
Publication number | Publication date |
---|---|
US7634765B2 (en) | 2009-12-15 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8533680B2 (en) | Approximating finite domains in symbolic state exploration | |
US8443343B2 (en) | Context-sensitive slicing for dynamically parallelizing binary programs | |
US6708326B1 (en) | Method, system and program product comprising breakpoint handling mechanism for debugging and/or monitoring a computer instruction sequence | |
US9229746B2 (en) | Identifying load-hit-store conflicts | |
US8429635B2 (en) | Controlling compiler optimizations | |
Mueller | Timing predictions for multi-level caches | |
US8806447B2 (en) | Step-type operation processing during debugging by machine instruction stepping concurrent with setting breakpoints | |
US9336128B2 (en) | Method and system for code analysis using symbolic types | |
US20120110553A1 (en) | Implementing a step-type operation during debugging of code using internal breakpoints | |
US7003762B2 (en) | Computer-implemented exception handling system and method | |
US20130024675A1 (en) | Return address optimisation for a dynamic code translator | |
US20040261064A1 (en) | Speculative compilation | |
US20060041875A1 (en) | Methods and apparatus for creating software basic block layouts | |
US20070089097A1 (en) | Region based code straightening | |
US20020049891A1 (en) | Parallel processing utilizing highly correlated data values | |
US10224271B2 (en) | Modifying execution flow in save-to-return code scenarios | |
US8458671B1 (en) | Method and system for stack back-tracing in computer programs | |
US7634765B2 (en) | Methods and apparatus to reduce a control flow graph using points-to information | |
US6314561B1 (en) | Intelligent cache management mechanism | |
US7735067B1 (en) | Avoiding signals when tracing user processes | |
US9720663B2 (en) | Methods, systems and apparatus to optimize sparse matrix applications | |
US8898625B2 (en) | Optimized storage of function variables | |
US20100153912A1 (en) | Variable type knowledge based call specialization | |
US8490115B2 (en) | Ambient state for asynchronous methods | |
US11429358B2 (en) | Representing asynchronous state machine in intermediate code |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: INTEL CORPORATION, CALIFORNIA Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GHIYA, RAKESH;COX, ROBERT J.;SEHR, DAVID C.;REEL/FRAME:015741/0769 Effective date: 20040827 |
|
STCF | Information on status: patent grant |
Free format text: PATENTED CASE |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FPAY | Fee payment |
Year of fee payment: 8 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20211215 |